Nothing Special   »   [go: up one dir, main page]

US6317755B1 - Method and apparatus for data backup and restoration in a portable data device - Google Patents

Method and apparatus for data backup and restoration in a portable data device Download PDF

Info

Publication number
US6317755B1
US6317755B1 US09/360,571 US36057199A US6317755B1 US 6317755 B1 US6317755 B1 US 6317755B1 US 36057199 A US36057199 A US 36057199A US 6317755 B1 US6317755 B1 US 6317755B1
Authority
US
United States
Prior art keywords
data
backup
memory
transaction
reader
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
US09/360,571
Inventor
Patrick L. Rakers
Timothy James Collins
Daniel J. Russell
Sam DiRaimondo
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Google Technology Holdings LLC
Original Assignee
Motorola Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Motorola Inc filed Critical Motorola Inc
Priority to US09/360,571 priority Critical patent/US6317755B1/en
Assigned to MOTOROLA, INC. reassignment MOTOROLA, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: COLLINS, TIMOTHY JAMES, RAKERS, PATRICK L., DIRAIMONDO, SAM W., RUSSELL, DANIEL J.
Priority to PCT/US2000/018272 priority patent/WO2001008049A1/en
Priority to AU60665/00A priority patent/AU6066500A/en
Priority to TW089113395A priority patent/TW466448B/en
Priority to ARP000103830A priority patent/AR024926A1/en
Publication of US6317755B1 publication Critical patent/US6317755B1/en
Application granted granted Critical
Assigned to Motorola Mobility, Inc reassignment Motorola Mobility, Inc ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: MOTOROLA, INC
Assigned to MOTOROLA MOBILITY LLC reassignment MOTOROLA MOBILITY LLC CHANGE OF NAME (SEE DOCUMENT FOR DETAILS). Assignors: MOTOROLA MOBILITY, INC.
Assigned to Google Technology Holdings LLC reassignment Google Technology Holdings LLC ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: MOTOROLA MOBILITY LLC
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14Error detection or correction of the data by redundancy in operation
    • G06F11/1402Saving, restoring, recovering or retrying
    • G06F11/1415Saving, restoring, recovering or retrying at system level
    • G06F11/1441Resetting or repowering
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/357Cards having a plurality of specified features
    • G06Q20/3576Multiple memory zones on card
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10TECHNICAL SUBJECTS COVERED BY FORMER USPC
    • Y10STECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10S707/00Data processing: database and file management or data structures
    • Y10S707/99951File or database maintenance
    • Y10S707/99952Coherency, e.g. same view to multiple users
    • Y10S707/99955Archiving or backup

Definitions

  • the present invention relates generally to a method and apparatus for data backup and restoration in a smartcard, and in particular, to a method and apparatus for recovering the state of the data if the transaction is improperly terminated.
  • EEPROM electrically erasable programmable read-only-memory
  • the current solution to handling a tear and preventing the wrong data from being programmed into the EEPROM is illustrated in FIG. 1 .
  • the EEPROM 102 is segmented into a plurality of sectors of memory.
  • a plurality of applications and a plurality of backup memory buffers are programmed into the plurality of sectors of EEPROM memory.
  • the plurality of backup memory buffers must equal the plurality of applications, thus providing a dedicated backup memory buffer for each application.
  • Using the dedicated backup memories for each application provides the current solution for providing memory correction of a particular application in the event of a tear.
  • a disadvantage to using a dedicated backup memory buffer for each application programmed on the EEPROM 102 is the large amount of valuable memory space required. The number of bits modified during a transaction can be large resulting in large and expensive dedicated backup memory buffers 112 - 118 . Accordingly, there exists a need for insuring the correct data is restored in the smartcard memory in the event of a tear without seriously impacting the size of the smartcard's memory.
  • the current state of the art allows the EEPROM 102 to restore the valid state of the data only when the application that experienced the tear is launched. As a result, the valid data remains stored in a dedicated backup memory buffer until the corresponding application is launched. Having the restoration scheme used in the prior art results in a large amount of memory being required and used.
  • FIG. 2 displays the memory configuration for the prior art. As shown, the data field locations are fixed for all applications and are public knowledge. Fixed data fields in known locations allow unscrupulous individuals to easily modify the desired data fields since all applications place certain data in the same location (e.g., the first memory block of each sector of memory). Accordingly, there exists a need for placing the data in different locations in order to make it difficult for an unscrupulous individual to determine which data fields should be modified.
  • the prior art stores the desired data fields in the same location for all applications, the prior art requires that the desired data field store the desired data in triplicate in order to determine if the data has been mistakenly modified. For example, the actual value is stored twice and the complement of the actual value is stored once. Such a procedure is very cumbersome and also requires a large amount of memory.
  • FIG. 1 illustrates a block diagram of an electrically erasable programmable read-only-memory (EEPROM) of a smartcard;
  • EEPROM electrically erasable programmable read-only-memory
  • FIG. 2 illustrates a data field for the backup memory buffer
  • FIG. 3 illustrates a block diagram of an EEPROM of a smartcard in accordance with the preferred embodiment of the present invention
  • FIG. 4 illustrates a fixed format for a value block and a non-fixed format for a non-value block in accordance with the preferred embodiment of the present invention
  • FIG. 5 illustrates an environment in which the smartcard is implemented in accordance with the preferred embodiment of the present invention
  • FIG. 6 illustrates a flow chart of a successful transaction in accordance with the preferred embodiment of the present invention
  • FIG. 7 illustrates a bit allocation for the backup memory buffer in accordance with the preferred embodiment of the present invention
  • FIG. 8 illustrates a flow chart of an unsuccessful transaction in accordance with the preferred embodiment of the present invention.
  • FIG. 9 illustrates a bit allocation for the backup memory buffer in accordance with an alternative embodiment of the present invention.
  • FIG. 10 illustrates an alternative environment in which a portable data device and a storage medium is implement in accordance with a further alternative embodiment of the present invention.
  • the preferred embodiment of the present invention provides a method and an apparatus for efficient memory usage for data backup and restoration in a portable data device and for recovering the correct state of the data if a transaction is improperly terminated.
  • the preferred embodiment insures that the correct state of the data is stored in a memory shared by all applications programmed on the portable data device in the event the transaction is improperly terminated, without seriously impacting the size of the memory.
  • the portable data device is a smartcard, even though it can be any type of processing-controlled device (e.g., a microprocessor, a microcomputer, a microcontroller, a dedicated logic element, etc.) capable of executing the methodology and/or steps of the present invention as described in detail below.
  • the preferred embodiment of the present invention also utilizes a “data backup and restoration” scheme that operates internally to the smartcard.
  • the “data backup and restoration” scheme is defined as the ability to restore the correct state of data for a given memory location when a change to the data is incomplete, such as an incomplete transaction or tear.
  • the data stored at a given memory location is automatically restored to its correct state upon power up of the smartcard, thus eliminating the need for a backup memory buffer per application.
  • the preferred embodiment of the present invention minimizes the memory overhead required for the “data backup and restoration” scheme, thus allowing for efficient memory storage.
  • the preferred embodiment further allows an application controller to place data in different memory block locations/data fields within a sector of memory.
  • this operation can be deterministic, pseudo-random or random in nature.
  • FIG. 3 illustrates a hardware block diagram of a smartcard 300 in accordance with the preferred embodiment of the present invention.
  • the smartcard 300 comprises a processing element 301 and a non-volatile memory 302 (e.g., a read-only memory (ROM), an electrically erasable programmable ROM (EEPROM), or the like) that is mapped or segmented into a plurality of sectors 304 , 306 , 308 , 310 , 312 .
  • ROM read-only memory
  • EEPROM electrically erasable programmable ROM
  • the non-volatile memory 302 in the preferred embodiment is an EEPROM 302 .
  • Each user application e.g., “first application 304 ”,“second application 306 ”,“third application 308 ” and “fourth application 310 ”)stored onto the smartcard 300 is allocated a sector of memory in the EEPROM 302 .
  • a backup memory buffer (“backup memory buffer 312 ”)is also allocated a sector of memory 312 in the EEPROM 302 .
  • the backup memory buffer 312 is commonly used by the plurality of user applications 304 - 310 . It is important to note that regardless of the number of user applications 304 - 310 stored on the smartcard 300 , there is only one backup memory buffer 312 in accordance with the preferred embodiment of the present invention.
  • the smartcard 300 illustrated in FIG. 3 has four user applications 304 - 310 associated therewith.
  • a user application may be controlled, in whole or in part, by an application controller (not shown in FIG. 3 ).
  • application controllers have in the past controlled user applications of smartcards, such as, for example, retail applications, restaurant applications, transit applications, college campus applications and the like.
  • the first application 304 may be controlled by a restaurant
  • the second application 306 may be controlled by a taxi cab service
  • a third application 308 may be controlled by a retail store 308
  • a fourth application 310 may be controlled by a bus service.
  • user applications may be stored, loaded, programmed, installed and/or the like, into the EEPROM 302 of the smartcard 300 in a variety of ways.
  • a user can have a blank formatted smartcard 300 where the user takes the smartcard 300 to each individual application controller for programming.
  • the individual application controller e.g., a bank, a restaurant, a transit authority, etc.
  • pre-selects the user applications loaded onto the smartcard 300 e.g., a bank, a restaurant, a transit authority, etc.
  • the user may select the user applications on the smartcard 300 from a list of user applications provided by the application controller.
  • the number of user applications associated with a particular smartcard 300 is configurable based on the amount of total memory available on the smartcard 300 and the amount of memory blocks allocated to a particular user application. Configuring the number of memory blocks allocated to a particular user application 304 is based upon the manufacturing design of the smartcard 300 .
  • the smartcard 300 has application-defined value and non-value block mapping. As stated above, each user application 304 - 310 is allocated a sector of memory having a unique set of memory block locations. Each sector of memory 304 - 310 can be programmed to fit the user application.
  • the application controller identifies each memory block in its sector of memory as a value block storing value data or a non-value block storing non-value data. Value blocks and non-value blocks may occur in any combination (i.e., coexist) within a user application.
  • Value data is any information that requires a high level of integrity and backup management during data modification. Examples of value data are the amount of money available for the application, the number of tokens available for the application, the number of purchases/rides/points accrued in order to receive a free gift/ride/discount, a social security number or a telephone number if used to identify the user, etc.
  • value blocks 400 have a fixed format, but may reside at any memory block location, preferably determined by the application controller.
  • the value block 400 comprises forty bits, or five bytes, which make up the value data 401 : thirty-two payload bits 402 and eight cyclic redundancy check (CRC) generated parity bits 404 . Since the value data 40 l is very sensitive to data integrity problems, the CRC generated parity bits 404 are attached to the payload bits 402 in order to identify any changes in the payload bits 402 .
  • CRC cyclic redundancy check
  • Non-value blocks 406 do not have a fixed format and thus can be any integral number of bytes. Non-value blocks 406 may also reside at any memory block location, preferably determined by the application controller. In the preferred embodiment, non-value data 408 is comprised of only payload bits. CRC generated parity bits are not a part of the non-value data 408 in the preferred embodiment of the present invention because the non-value data 408 is not particularly sensitive to data integrity issues as is the value data 401 .
  • Non-value data 408 is any information that does not require a high level of integrity or backup management. Examples of non-value data 408 are history information, the user's birthday, the user's address, etc. An advantage of identifying a given location as a value bock 400 or a non-value block 406 allows the smartcard 300 to use less memory when performing various transactions.
  • the application controller has the freedom and flexibility to randomly store any type of data (value 401 or non-value 408 ) in any memory block location in its sector of memory.
  • the application controller can also change the location of its value and non-value blocks 400 , 406 at any time, especially if it believes its security has been compromised, and maintain the backup feature for its value block/data.
  • the smartcard 300 can vary the order of the user applications 304 - 310 so that the user applications 304 - 310 are not necessarily stored on the smartcard 300 in the order in which they were programmed, stored, loaded, installed and/or the like.
  • the smartcard 300 further comprises a display area 314 to allow the user to read text messages from the user application and/or the application controller.
  • text messages are the following: “$2.00 has been deducted from your account. Your remaining account balance is $10.38”;“Your transaction is being processed”;“Your account balance has been exceeded, please call 1-800-555-5555”;“You will receive a 10% discount on your next purchase”;etc.
  • a transaction is an exchange of data between the application controller and the user via the smartcard and a reader.
  • the user 500 controls the smartcard 300 and the application controller 502 controls the reader 504 .
  • a user application 304 is controlled, in whole or in part, by an application controller 502 (e.g., retailers, restaurants, transit authorities, etc.).
  • the smartcard 300 is powered upon entry into a radio frequency (RF) field 506 , or alternatively, receipt of an infrared (IR) signal (not shown),
  • RF radio frequency
  • IR infrared
  • FIG. 6 illustrates a typical transaction in accordance with the preferred embodiment.
  • the user 500 wants to use his smartcard 300 to purchase a hamburger from a restaurant (first application) 304 for two dollars ($2.00)
  • the user 500 places the smartcard 300 in a position where the reader 504 for the first user application 304 can supply power to the smartcard 300 at step 600 .
  • the smartcard 300 determines whether the data stored in the backup memory buffer 312 is the correct state of a memory block location, thus requiring the data stored in the backup memory buffer 312 to be restored to its original location at step 602 . Details of restoring the correct state of data to its original location at step 604 are discussed in greater detail with reference to FIG. 8 below. As such, it is assumed that data restoration is not required for this example illustrated in FIG. 6 .
  • Communication is initiated between the smartcard 300 and the reader 504 by executing a protocol amongst themselves at step 606 .
  • Such communication protocols are well known in the art of data networking and/or smartcard design and therefore requires no additional description or discussion. Suffice it to say, however, the protocol provides anti-collision protection when multiple smartcards are presented to the reader 504 at step 608 , and checks the authenticity of the reader 504 and the smartcard 300 at step 610 , among other things.
  • the reader 504 instructs the smartcard 300 at step 612 to subtract $2.00 for the hamburger from a given memory block location (byte and line address) via a VALUE or NON-VALUE DATA command. If the smartcard receives a VALUE DATA command at step 612 , the processing element 301 will treat the memory block location as a value block 400 storing value data 401 . If the smartcard 300 receives a NON-VALUE DATA command at step 612 , the processing element 301 will treat the memory block location as a non-value block 406 storing non-value data 408 .
  • the processing element 301 processes the value data 401 as non-value data 408 . If the smartcard 300 receives a VALUE DATA command at step 612 identifying a memory block location that stores non-value data 408 , the processing element 301 processes the non-value data 408 as value data 401 . Processing non-value data 408 as value data 401 , however, results in an ERROR command issued by the smartcard 300 because the processing element 301 checks the CRC generated parity bits 404 , which is not present in non-value data 408 . Thus, the processing element 301 does not necessarily correct incorrect commands received from the reader 504 , but rather processes the data in accordance to the type of command received at step 612 .
  • the reader 504 transmits a VALUE DATA command to the smartcard at step 612 .
  • the processing element 301 responds to the reader 504 by accessing the given memory block location and processing the stored data as value data 401 by implementing the “data backup” scheme at step 614 .
  • the “data backup” scheme 614 allows the processing element 301 to copy the value data 401 currently stored in the given memory block location into the backup memory buffer 312 along with the address of the given memory block location in order to create backup data 401 ′.
  • the processing element 301 upon duplicating the value data 401 , along with the address 702 of the given memory block location, into the backup memory buffer 312 , the processing element 301 sets the flag bit 700 .
  • the flag bit 700 is located within the backup memory buffer 312 , but in alternative embodiments, the flag bit 700 could be located anywhere within the smartcard 300 . Setting the flag bit 700 indicates that the transaction is incomplete and the backup data 401 ′ currently stored in the backup memory buffer 312 is the correct state of the data (i.e., valid data) for the address 702 corresponding to the given memory block location. Up to this point, the value of the value data 401 stored at the memory block location and the value of the backup data 401 ′ stored at the backup memory buffer are the same.
  • the smartcard 300 accepts the value data 401 as the correct state of the given memory location.
  • the processing element 301 begins manipulating the value data 401 stored at the given application memory location in order to perform the operation required for the transaction at step 616 . If an interruption or tear occurs after the value data 401 stored at the given application memory location has undergone any manipulation, the processing element 301 accepts the backup data 401 ′ stored in the backup memory buffer 312 as the correct state of the given memory block location identified by the stored address 702 (described in detail below with reference to FIG. 8 ).
  • the reader 504 instructs the processing element 301 to subtract two dollars from the amount stored at the given application location.
  • the processing element 301 performs the operation (subtracting two dollars), calculates a new value derived from the operation and stores the new value data (not shown) at the given application memory location at step 618 .
  • the processing element 301 then informs the reader 504 that the transaction has been completed (TRANS SUCCESS command) at step 620 .
  • the processing element 301 can inform the reader 504 of the new value data.
  • the reader 504 must respond with a COMMIT command in order to proceed with the transaction from the standpoint of the application controller. If a COMMIT command is not received from the reader 504 , the transaction fails and is deemed incomplete. In the preferred embodiment, if the application controller desires to proceed with the transaction, the reader 504 transmits the COMMIT command after receiving the TRANS SUCCESS command. In alternative embodiments, if the application controller desires to proceed with the transaction, additional commands could still be exchanged between the reader 504 and the smartcard 300 before the reader 504 transmits the COMMIT command to the smartcard 300 .
  • the smartcard 300 receives the COMMIT command at step 622 .
  • the processing element 301 clears the flag bit 700 at step 624 and sends an acknowledgement (ACK COMMIT command) back to the reader 504 at step 626 .
  • Clearing the flag bit 700 indicates that the backup data 401 ′ currently stored in the backup memory buffer 312 is invalid and can be overwritten. Clearing the flag bit 700 also indicates that the new value data stored in the given application memory location is valid and the processing element 301 accepts the new value data as the correct state for the given memory block location
  • the reader 504 After the reader 504 receives the ACK COMMIT command from the smartcard 300 , the reader 504 indicates to the restaurant employee to give the holder 500 of the smartcard 300 the hamburger. Thus, in the preferred embodiment, a transaction is complete (and the backup data 401 ′ stored in the backup memory buffer 312 becomes invalid) only after the reader 504 transmits the COMMIT command and the smartcard 300 transmits the ACK COMMIT command in response thereto.
  • a further scenario from the previous example is when there is not enough money in the given application memory location to purchase the hamburger.
  • the smartcard 300 informs the reader 504 of the non-sufficient funds (NSF) by sending the reader 504 a NSF command instead of the TRANS SUCCESS command.
  • the smartcard 300 can provide the actual negative value that resulted after the operation was performed, or the like, to the reader 504 along with the NSF command.
  • the reader 504 has the option of allowing the transaction to proceed even though there are NSF in the given application memory location. For example, if the user 500 has been a good-standing consumer for a period of time, the application controller 502 may desire to give or “float” the money to the user 500 by sending the smartcard 300 the COMMIT command. The transaction will then continue as described above.
  • a tear is caused for a variety of reasons.
  • a tear commonly occurs when the smartcard 300 loses power, such as, but not limited to, when the smartcard is moved beyond the range of the RF field 506 or stops receiving the IR signal in a contactless environment.
  • the smartcard 300 also loses power when there is no longer any electrical contact between the smartcard 300 and the reader 504 in a contact environment.
  • a tear occurs when the battery loses its charge before the transaction is complete.
  • a tear occurs when the user 500 of the smartcard 300 changes his/her mind about completing the transaction, the reader 504 and/or the smartcard 300 picks up interfering signals from outside sources, the electrical contact is not strong enough, etc.
  • a tear will also occur if the reader 504 does not transmit a COMMIT command prior to the smartcard 300 losing power or if the smartcard 300 does not transmit an ACK COMMIT command prior to the smartcard 300 losing power.
  • the smartcard 300 determines if restoration is required at step 602 by determining the status of the flag bit 700 (i.e., whether the backup memory buffer 312 contains valid or invalid data). If the flag bit 700 is clear, the backup memory buffer 312 contains invalid data (indicating that the correct state of the data is stored in the memory block location identified by the address stored in the backup memory buffer 312 ) and the smartcard 300 begins the transaction at step 606 with the reader 504 as described above with reference to FIG. 6 .
  • the smartcard 300 implements the “data restoration” scheme at step 604 .
  • the “data restoration” scheme accesses the backup memory buffer 312 and identifies the address 702 stored therein. Once the address 702 is identified, the processing element 301 writes the backup data 401 ′, also stored within the backup memory buffer 312 , in the given memory block location corresponding to the address 702 .
  • the backup data 401 ′ is considered the correct state (i.e., valid) because any changes made to the value data 401 after being copied into the backup memory buffer 312 has not been committed to or approved by both the reader 504 and the smartcard 300 .
  • the “data restoration” scheme 604 is done independent of the reader 504 or its application 304 .
  • the processing element 301 automatically recovers from an incomplete transaction or a tear upon receiving power, independent of a next reader supplying power to the smartcard 300 , the next application launched (whether the first application 304 , the second application 306 , etc.) and/or the next memory block location accessed (whether a value block 400 or a non-value block 406 ).
  • the processing element 301 clears the flag bit 700 and begins the transaction with the reader 504 as described above.
  • the backup memory buffer 312 can be formatted into a plurality of segments.
  • the number of segments is configurable.
  • the backup memory buffer 312 stores value data 401 in a given application 304 at a single time. Storing multiple value data 401 from multiple value blocks 400 allows the smartcard 300 and the reader 504 to complete a transaction on a plurality of value blocks 400 simultaneously.
  • the backup memory buffer 312 is segmented into two segments 900 , 902 .
  • a reader 504 for a user application 310 sends a command to the smartcard 300 to identify a first location 904 to decrement the fare and a second location 906 to increment the number of rides accrued before receiving a free ride.
  • the value data 908 , 910 associated with both the first and second locations 904 , 906 are copied into the backup memory buffer 312 in designated segments 900 , 902 of the backup memory buffer 312 before the processing element 301 decrements the fare from the first value data 908 and increments the number of rides from the second data value 910 .
  • the transaction is complete for all value data 908 , 910 stored in the backup memory buffer 312 (in this case, the fare and the number of rides) when the reader 504 transmits the COMMIT command and the smartcard 300 transmits the ACK COMMIT command.
  • a single COMMIT command from the reader 504 and a single ACK COMMIT command from the smartcard 300 completes the transactions for all value data (in this case, 908 , 910 ) stored in the backup memory buffer 312 .
  • FIG. 10 a storage medium 1000 having stored thereon a plurality of user applications 1004 , 1006 and a backup memory buffer 1008 which, when loaded into a portable data device 1010 having a processing element 1012 , causes the processing element 1012 to perform the following functions: share the backup memory buffer 1008 with the plurality of user applications 1004 , 1006 ; store a valid state of data from a memory location 1014 in the storage medium 1000 into the backup memory buffer 1008 prior to performing a transaction for an application; and restore the valid state of data from the backup memory buffer 1008 into the memory location 1014 upon receiving power at the portable data device 1010 in an event the transaction is terminated prior to completion, independent of a next application in which a next transaction is performed.
  • a set of instructions 1016 which instructs the processing element 1012 to perform the functions can either be stored on the storage medium 1000 , or alternatively on the
  • the storage medium 1000 when loaded into the portable data device 1010 , could also cause the processing element 1012 to perform the functions described in FIG. 6 and/or FIG. 8 .
  • the portable data device 1010 is a personal digital assistant, a cellular telephone, a laptop computer or any other portable device that is capable of receiving the storage medium 1000 .
  • the portable data device 1010 optionally comprises a display area 1018 to allow the user 500 to read text messages from a user application and/or application controller as in the preferred embodiment (shown in FIG. 3 ).
  • the storage medium device 1000 such as a diskette, cartridge, smartcard, compact disc (miniature or full size) or any other medium capable of storing thereon the plurality of user applications 1002 , 1004 , 1006 the backup memory buffer, the processing element 1012 and the set of instructions 1016 , singularly or in any type of combination, is inserted into the portable data device 1010 .
  • the processing element 1012 is a microprocessor, microcomputer, microcontroller, a dedicated logic element or any other processing element capable of executing the methodology and/or steps of the present invention as described in detail above.
  • the storage medium 1000 could have the set of instructions 1016 , a non-volatile memory 1002 and a processing element 1012 stored thereon, wherein the non-volatile memory 1002 is mapped into a plurality of segments 1004 , 1006 , and having a backup memory buffer 1008 which, when loaded into the portable data device 1010 , causes the storage medium 1000 to perform the following functions: share the backup memory buffer 1008 with the plurality of user applications 1004 , 1006 ; store a valid state of data from a memory location 1014 in the nonvolatile memory 1002 into the backup memory buffer 1008 prior to performing a transaction for a user application; and restore the valid state of data from the backup memory buffer 1008 into the memory location 1014 upon power up of the portable data device 1010 in an event the transaction is terminated prior to completion, independent of a next application in which a next transaction is performed.
  • the set of instructions stored on the storage medium 1000 could cause the storage medium 1000 to perform the functions of FIG. 6 and/or FIG. 8 .
  • the plurality of user applications 1004 , 1006 and the backup memory buffer 1008 could reside on either the storage medium 1000 or the portable data device 1010
  • the set of instructions 1016 used to perform any of the functions described above can reside either on the storage medium 1000 or the portable data device 1010 .

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • General Engineering & Computer Science (AREA)
  • Quality & Reliability (AREA)
  • Techniques For Improving Reliability Of Storages (AREA)
  • Storage Device Security (AREA)

Abstract

A portable data device (300) having a memory (302) is provided. The memory (302) is segmented into a plurality of sectors (304-312). A backup memory buffer (312) and a plurality of applications (304-310) are programmed into the plurality of sectors, wherein the backup memory buffer (312) is jointly used by the plurality of applications (304-310). A valid state of data is stored in the backup memory buffer (312) prior to performing a transaction for a first application (304). The valid state of data is restored in the first application (304) upon power up of the portable data device (300) in an event the transaction is terminated prior to completion, wherein the step of restoring is independent of a next application in which a next transaction is performed.

Description

FIELD OF THE INVENTION
The present invention relates generally to a method and apparatus for data backup and restoration in a smartcard, and in particular, to a method and apparatus for recovering the state of the data if the transaction is improperly terminated.
BACKGROUND OF THE INVENTION
Credit cards, typically provided with magnetic stripes, have been around for many years. These types of credit cards, however, have a design flaw. The mechanical interface between the credit card and the reader requires periodic cleaning. The poor reliability of the readers, due to the mechanical interface, causes down time for reader maintenance. Contactless smartcards have been developed which eliminate the mechanical interface between the card and the reader.
During a transaction, there exists a need to modify data stored in the smartcard's electrically erasable programmable read-only-memory (EEPROM). One of the problems of contactless smartcard applications stems from the ability of the user to terminate the power before the transaction has completed. Removal of the power prior to the completion of the transaction can cause the wrong data to be programmed into the smartcard's memory. This event is termed a tear.
The current solution to handling a tear and preventing the wrong data from being programmed into the EEPROM is illustrated in FIG. 1. The EEPROM 102 is segmented into a plurality of sectors of memory. A plurality of applications and a plurality of backup memory buffers are programmed into the plurality of sectors of EEPROM memory. The plurality of backup memory buffers must equal the plurality of applications, thus providing a dedicated backup memory buffer for each application. Using the dedicated backup memories for each application provides the current solution for providing memory correction of a particular application in the event of a tear.
A disadvantage to using a dedicated backup memory buffer for each application programmed on the EEPROM 102 is the large amount of valuable memory space required. The number of bits modified during a transaction can be large resulting in large and expensive dedicated backup memory buffers 112-118. Accordingly, there exists a need for insuring the correct data is restored in the smartcard memory in the event of a tear without seriously impacting the size of the smartcard's memory.
Further, the current state of the art allows the EEPROM 102 to restore the valid state of the data only when the application that experienced the tear is launched. As a result, the valid data remains stored in a dedicated backup memory buffer until the corresponding application is launched. Having the restoration scheme used in the prior art results in a large amount of memory being required and used.
A further disadvantage of the prior art is inadequate security precautions taken to prevent unauthorized modifications to the data stored on the smartcard. Since integrity sensitive applications, e.g., applications storing financial information, are programmed on the smartcard, security against unmodified modification of the data field is required. FIG. 2 displays the memory configuration for the prior art. As shown, the data field locations are fixed for all applications and are public knowledge. Fixed data fields in known locations allow unscrupulous individuals to easily modify the desired data fields since all applications place certain data in the same location (e.g., the first memory block of each sector of memory). Accordingly, there exists a need for placing the data in different locations in order to make it difficult for an unscrupulous individual to determine which data fields should be modified.
Moreover, not only does the prior art store the desired data fields in the same location for all applications, the prior art requires that the desired data field store the desired data in triplicate in order to determine if the data has been mistakenly modified. For example, the actual value is stored twice and the complement of the actual value is stored once. Such a procedure is very cumbersome and also requires a large amount of memory.
Thus, there exists a need to provide a method and apparatus for data backup and restoration in a smartcard that insures that the correct data is stored in memory without seriously impacting the size of the memory while simultaneously providing adequate security of the data.
BRIEF DESCRIPTION OF THE DRAWINGS
A preferred embodiment of the invention is now described, by way of example only, with reference to the accompanying drawings in which:
FIG. 1 (prior art) illustrates a block diagram of an electrically erasable programmable read-only-memory (EEPROM) of a smartcard;
FIG. 2 (prior art) illustrates a data field for the backup memory buffer;
FIG. 3 illustrates a block diagram of an EEPROM of a smartcard in accordance with the preferred embodiment of the present invention;
FIG. 4 illustrates a fixed format for a value block and a non-fixed format for a non-value block in accordance with the preferred embodiment of the present invention;
FIG. 5 illustrates an environment in which the smartcard is implemented in accordance with the preferred embodiment of the present invention;
FIG. 6 illustrates a flow chart of a successful transaction in accordance with the preferred embodiment of the present invention;
FIG. 7 illustrates a bit allocation for the backup memory buffer in accordance with the preferred embodiment of the present invention;
FIG. 8 illustrates a flow chart of an unsuccessful transaction in accordance with the preferred embodiment of the present invention;
FIG. 9 illustrates a bit allocation for the backup memory buffer in accordance with an alternative embodiment of the present invention; and
FIG. 10 illustrates an alternative environment in which a portable data device and a storage medium is implement in accordance with a further alternative embodiment of the present invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
The preferred embodiment of the present invention provides a method and an apparatus for efficient memory usage for data backup and restoration in a portable data device and for recovering the correct state of the data if a transaction is improperly terminated. The preferred embodiment insures that the correct state of the data is stored in a memory shared by all applications programmed on the portable data device in the event the transaction is improperly terminated, without seriously impacting the size of the memory. For ease of explanation and understanding, the following description assumes that the portable data device is a smartcard, even though it can be any type of processing-controlled device (e.g., a microprocessor, a microcomputer, a microcontroller, a dedicated logic element, etc.) capable of executing the methodology and/or steps of the present invention as described in detail below.
The preferred embodiment of the present invention also utilizes a “data backup and restoration” scheme that operates internally to the smartcard. The “data backup and restoration” scheme is defined as the ability to restore the correct state of data for a given memory location when a change to the data is incomplete, such as an incomplete transaction or tear. In the preferred embodiment, the data stored at a given memory location is automatically restored to its correct state upon power up of the smartcard, thus eliminating the need for a backup memory buffer per application. As such, the preferred embodiment of the present invention minimizes the memory overhead required for the “data backup and restoration” scheme, thus allowing for efficient memory storage.
The preferred embodiment further allows an application controller to place data in different memory block locations/data fields within a sector of memory. In accordance with the preferred embodiment of the present embodiment, this operation can be deterministic, pseudo-random or random in nature. An advantage to random placement of the data is that it makes it more difficult for unscrupulous individuals to tamper with the data because they do not know which locations contain valuable data.
FIG. 3 illustrates a hardware block diagram of a smartcard 300 in accordance with the preferred embodiment of the present invention. In the preferred embodiment, the smartcard 300 comprises a processing element 301 and a non-volatile memory 302 (e.g., a read-only memory (ROM), an electrically erasable programmable ROM (EEPROM), or the like) that is mapped or segmented into a plurality of sectors 304, 306, 308, 310, 312. For ease of explanation and understanding, the following description assumes that the non-volatile memory 302 in the preferred embodiment is an EEPROM 302. Each user application (e.g., “first application 304”,“second application 306”,“third application 308” and “fourth application 310”)stored onto the smartcard 300 is allocated a sector of memory in the EEPROM 302.
A backup memory buffer (“backup memory buffer 312”)is also allocated a sector of memory 312 in the EEPROM 302. As stated above, the backup memory buffer 312 is commonly used by the plurality of user applications 304-310. It is important to note that regardless of the number of user applications 304-310 stored on the smartcard 300, there is only one backup memory buffer 312 in accordance with the preferred embodiment of the present invention.
For ease of explanation and for example purposes only, the smartcard 300 illustrated in FIG. 3 has four user applications 304-310 associated therewith. For purposes of this discussion, a user application may be controlled, in whole or in part, by an application controller (not shown in FIG. 3). Such application controllers have in the past controlled user applications of smartcards, such as, for example, retail applications, restaurant applications, transit applications, college campus applications and the like. By way of example, the first application 304 may be controlled by a restaurant, the second application 306 may be controlled by a taxi cab service, a third application 308 may be controlled by a retail store 308 and a fourth application 310 may be controlled by a bus service.
As will be appreciated by those skilled in the art, user applications may be stored, loaded, programmed, installed and/or the like, into the EEPROM 302 of the smartcard 300 in a variety of ways. For example, a user can have a blank formatted smartcard 300 where the user takes the smartcard 300 to each individual application controller for programming. Alternatively, the individual application controller (e.g., a bank, a restaurant, a transit authority, etc.) pre-selects the user applications loaded onto the smartcard 300. Additionally, the user may select the user applications on the smartcard 300 from a list of user applications provided by the application controller.
The number of user applications associated with a particular smartcard 300 is configurable based on the amount of total memory available on the smartcard 300 and the amount of memory blocks allocated to a particular user application. Configuring the number of memory blocks allocated to a particular user application 304 is based upon the manufacturing design of the smartcard 300. The smartcard 300 has application-defined value and non-value block mapping. As stated above, each user application 304-310 is allocated a sector of memory having a unique set of memory block locations. Each sector of memory 304-310 can be programmed to fit the user application. The application controller identifies each memory block in its sector of memory as a value block storing value data or a non-value block storing non-value data. Value blocks and non-value blocks may occur in any combination (i.e., coexist) within a user application.
Value data is any information that requires a high level of integrity and backup management during data modification. Examples of value data are the amount of money available for the application, the number of tokens available for the application, the number of purchases/rides/points accrued in order to receive a free gift/ride/discount, a social security number or a telephone number if used to identify the user, etc.
As illustrated in FIG. 4, value blocks 400 have a fixed format, but may reside at any memory block location, preferably determined by the application controller. In the preferred embodiment, the value block 400 comprises forty bits, or five bytes, which make up the value data 401: thirty-two payload bits 402 and eight cyclic redundancy check (CRC) generated parity bits 404. Since the value data40l is very sensitive to data integrity problems, the CRC generated parity bits 404 are attached to the payload bits 402 in order to identify any changes in the payload bits 402.
Non-value blocks 406 do not have a fixed format and thus can be any integral number of bytes. Non-value blocks 406 may also reside at any memory block location, preferably determined by the application controller. In the preferred embodiment, non-value data 408 is comprised of only payload bits. CRC generated parity bits are not a part of the non-value data 408 in the preferred embodiment of the present invention because the non-value data 408 is not particularly sensitive to data integrity issues as is the value data 401.
Non-value data 408 is any information that does not require a high level of integrity or backup management. Examples of non-value data 408 are history information, the user's birthday, the user's address, etc. An advantage of identifying a given location as a value bock 400 or a non-value block 406 allows the smartcard 300 to use less memory when performing various transactions.
For security precautions, the application controller has the freedom and flexibility to randomly store any type of data (value 401 or non-value 408) in any memory block location in its sector of memory. The application controller can also change the location of its value and non-value blocks 400, 406 at any time, especially if it believes its security has been compromised, and maintain the backup feature for its value block/data.
For additional security precautions, the smartcard 300 can vary the order of the user applications 304-310 so that the user applications 304-310 are not necessarily stored on the smartcard 300 in the order in which they were programmed, stored, loaded, installed and/or the like.
Optionally, the smartcard 300 further comprises a display area 314 to allow the user to read text messages from the user application and/or the application controller. Examples of text messages are the following: “$2.00 has been deducted from your account. Your remaining account balance is $10.38”;“Your transaction is being processed”;“Your account balance has been exceeded, please call 1-800-555-5555”;“You will receive a 10% discount on your next purchase”;etc.
The following discussion is now directed to how a transaction is performed. A transaction is an exchange of data between the application controller and the user via the smartcard and a reader. As shown in FIG. 5, the user 500 controls the smartcard 300 and the application controller 502 controls the reader 504. For purposes of this discussion, a user application 304 is controlled, in whole or in part, by an application controller 502 (e.g., retailers, restaurants, transit authorities, etc.). In the preferred contactless embodiment of the present invention, the smartcard 300 is powered upon entry into a radio frequency (RF) field 506, or alternatively, receipt of an infrared (IR) signal (not shown), In a contact environment, the smartcard 300 is powered upon coming into electrical contact with the reader 504 which applies power to the smartcard 300.
FIG. 6 illustrates a typical transaction in accordance with the preferred embodiment. For example, when the user 500 wants to use his smartcard 300 to purchase a hamburger from a restaurant (first application) 304 for two dollars ($2.00), the user 500 places the smartcard 300 in a position where the reader 504 for the first user application 304 can supply power to the smartcard 300 at step 600. When the reader 504 supplies power to the smartcard 300, the smartcard 300 determines whether the data stored in the backup memory buffer 312 is the correct state of a memory block location, thus requiring the data stored in the backup memory buffer 312 to be restored to its original location at step 602. Details of restoring the correct state of data to its original location at step 604 are discussed in greater detail with reference to FIG. 8 below. As such, it is assumed that data restoration is not required for this example illustrated in FIG. 6.
Communication is initiated between the smartcard 300 and the reader 504 by executing a protocol amongst themselves at step 606. Such communication protocols are well known in the art of data networking and/or smartcard design and therefore requires no additional description or discussion. Suffice it to say, however, the protocol provides anti-collision protection when multiple smartcards are presented to the reader 504 at step 608, and checks the authenticity of the reader 504 and the smartcard 300 at step 610, among other things.
After the protocol is complete, the reader 504 instructs the smartcard 300 at step 612 to subtract $2.00 for the hamburger from a given memory block location (byte and line address) via a VALUE or NON-VALUE DATA command. If the smartcard receives a VALUE DATA command at step 612, the processing element 301 will treat the memory block location as a value block 400 storing value data 401. If the smartcard 300 receives a NON-VALUE DATA command at step 612, the processing element 301 will treat the memory block location as a non-value block 406 storing non-value data 408. As a result, if the smartcard 300 receives a NON-VALUE DATA command at step 612 from the reader 504 identifying a memory block location that is storing value data 401, the processing element 301 processes the value data 401 as non-value data 408. If the smartcard 300 receives a VALUE DATA command at step 612 identifying a memory block location that stores non-value data 408, the processing element 301 processes the non-value data 408 as value data 401. Processing non-value data 408 as value data 401, however, results in an ERROR command issued by the smartcard 300 because the processing element 301 checks the CRC generated parity bits 404, which is not present in non-value data 408. Thus, the processing element 301 does not necessarily correct incorrect commands received from the reader 504, but rather processes the data in accordance to the type of command received at step 612.
In this particular example, the reader 504 transmits a VALUE DATA command to the smartcard at step 612. The processing element 301 responds to the reader 504 by accessing the given memory block location and processing the stored data as value data 401 by implementing the “data backup” scheme at step 614. The “data backup” scheme 614 allows the processing element 301 to copy the value data 401 currently stored in the given memory block location into the backup memory buffer 312 along with the address of the given memory block location in order to create backup data 401′.
In the preferred embodiment, as shown in FIG. 7, when the value data 401 is written into the backup memory buffer 312, fifty-two bits are need to accommodate the backup data 401′: one flag bit 700, eleven address bits 702, thirty-two payload bits 402 and eight CRC generated parity bits 404. The allocation of bits is, however, configurable.
Referring back to FIG. 6, upon duplicating the value data 401, along with the address 702 of the given memory block location, into the backup memory buffer 312, the processing element 301 sets the flag bit 700. Preferably, the flag bit 700 is located within the backup memory buffer 312, but in alternative embodiments, the flag bit 700 could be located anywhere within the smartcard 300. Setting the flag bit 700 indicates that the transaction is incomplete and the backup data 401′ currently stored in the backup memory buffer 312 is the correct state of the data (i.e., valid data) for the address 702 corresponding to the given memory block location. Up to this point, the value of the value data 401 stored at the memory block location and the value of the backup data 401′ stored at the backup memory buffer are the same. As such, if an interruption or tear occurs before any changes are made to the value data 401 stored at the memory block location, the value data 401 at the given application memory location is still intact, and the smartcard 300 accepts the value data 401 as the correct state of the given memory location.
Once the value data 400 has been copied and stored in the backup memory buffer 312 along with its given application memory location address 702 at step 614, only then does the processing element 301 begin manipulating the value data 401 stored at the given application memory location in order to perform the operation required for the transaction at step 616. If an interruption or tear occurs after the value data 401 stored at the given application memory location has undergone any manipulation, the processing element 301 accepts the backup data 401′ stored in the backup memory buffer 312 as the correct state of the given memory block location identified by the stored address 702 (described in detail below with reference to FIG. 8).
In the present example, the reader 504 instructs the processing element 301 to subtract two dollars from the amount stored at the given application location. The processing element 301 performs the operation (subtracting two dollars), calculates a new value derived from the operation and stores the new value data (not shown) at the given application memory location at step 618. The processing element 301 then informs the reader 504 that the transaction has been completed (TRANS SUCCESS command) at step 620. Optionally, the processing element 301 can inform the reader 504 of the new value data.
At some point after the reader 504 receives the TRANS SUCCESS command from the smartcard 300, the reader 504 must respond with a COMMIT command in order to proceed with the transaction from the standpoint of the application controller. If a COMMIT command is not received from the reader 504, the transaction fails and is deemed incomplete. In the preferred embodiment, if the application controller desires to proceed with the transaction, the reader 504 transmits the COMMIT command after receiving the TRANS SUCCESS command. In alternative embodiments, if the application controller desires to proceed with the transaction, additional commands could still be exchanged between the reader 504 and the smartcard 300 before the reader 504 transmits the COMMIT command to the smartcard 300.
In this example, the smartcard 300 receives the COMMIT command at step 622. As a result, the processing element 301 clears the flag bit 700 at step 624 and sends an acknowledgement (ACK COMMIT command) back to the reader 504 at step 626. Clearing the flag bit 700 indicates that the backup data 401′ currently stored in the backup memory buffer 312 is invalid and can be overwritten. Clearing the flag bit 700 also indicates that the new value data stored in the given application memory location is valid and the processing element 301 accepts the new value data as the correct state for the given memory block location
After the reader 504 receives the ACK COMMIT command from the smartcard 300, the reader 504 indicates to the restaurant employee to give the holder 500 of the smartcard 300 the hamburger. Thus, in the preferred embodiment, a transaction is complete (and the backup data 401′ stored in the backup memory buffer 312 becomes invalid) only after the reader 504 transmits the COMMIT command and the smartcard 300 transmits the ACK COMMIT command in response thereto.
A further scenario from the previous example is when there is not enough money in the given application memory location to purchase the hamburger. The smartcard 300 informs the reader 504 of the non-sufficient funds (NSF) by sending the reader 504 a NSF command instead of the TRANS SUCCESS command. Optionally, the smartcard 300 can provide the actual negative value that resulted after the operation was performed, or the like, to the reader 504 along with the NSF command. At this point, the reader 504 has the option of allowing the transaction to proceed even though there are NSF in the given application memory location. For example, if the user 500 has been a good-standing consumer for a period of time, the application controller 502 may desire to give or “float” the money to the user 500 by sending the smartcard 300 the COMMIT command. The transaction will then continue as described above.
Situations arise when the transaction is incomplete. Such a situation is called a “tear”. A tear is caused for a variety of reasons. A tear commonly occurs when the smartcard 300 loses power, such as, but not limited to, when the smartcard is moved beyond the range of the RF field 506 or stops receiving the IR signal in a contactless environment. The smartcard 300 also loses power when there is no longer any electrical contact between the smartcard 300 and the reader 504 in a contact environment. In the situation when a battery supplies the power the smartcard 300, a tear occurs when the battery loses its charge before the transaction is complete. As such, a tear occurs when the user 500 of the smartcard 300 changes his/her mind about completing the transaction, the reader 504 and/or the smartcard 300 picks up interfering signals from outside sources, the electrical contact is not strong enough, etc. A tear will also occur if the reader 504 does not transmit a COMMIT command prior to the smartcard 300 losing power or if the smartcard 300 does not transmit an ACK COMMIT command prior to the smartcard 300 losing power.
As illustrated in FIG. 8, in the preferred embodiment of the present invention, when the smartcard receives power at step 800, the smartcard 300 determines if restoration is required at step 602 by determining the status of the flag bit 700 (i.e., whether the backup memory buffer 312 contains valid or invalid data). If the flag bit 700 is clear, the backup memory buffer 312 contains invalid data (indicating that the correct state of the data is stored in the memory block location identified by the address stored in the backup memory buffer 312) and the smartcard 300 begins the transaction at step 606 with the reader 504 as described above with reference to FIG. 6.
If the flag bit 700 is set or valid data is found in the backup memory buffer 312, this indicates that an incomplete transaction or a tear occurred and the smartcard 300 implements the “data restoration” scheme at step 604. The “data restoration” scheme accesses the backup memory buffer 312 and identifies the address 702 stored therein. Once the address 702 is identified, the processing element 301 writes the backup data 401′, also stored within the backup memory buffer 312, in the given memory block location corresponding to the address 702. The backup data 401′ is considered the correct state (i.e., valid) because any changes made to the value data 401 after being copied into the backup memory buffer 312 has not been committed to or approved by both the reader 504 and the smartcard 300. It is important to be able to restore the data in the given memory block location to its correct state in case a tear, premature termination or incomplete transaction occurs. It is also important to note that the “data restoration” scheme 604 is done independent of the reader 504 or its application 304. In other words, the processing element 301 automatically recovers from an incomplete transaction or a tear upon receiving power, independent of a next reader supplying power to the smartcard 300, the next application launched (whether the first application 304, the second application 306, etc.) and/or the next memory block location accessed (whether a value block 400 or a non-value block 406).
Once the backup data 401′ stored in the backup memory buffer 312 is restored in the given application memory location 702, the processing element 301 clears the flag bit 700 and begins the transaction with the reader 504 as described above.
In an alternative embodiment the backup memory buffer 312 can be formatted into a plurality of segments. The number of segments is configurable. In each segment, the backup memory buffer 312 stores value data 401 in a given application 304 at a single time. Storing multiple value data 401 from multiple value blocks 400 allows the smartcard 300 and the reader 504 to complete a transaction on a plurality of value blocks 400 simultaneously.
For example, as shown in FIG. 9, the backup memory buffer 312 is segmented into two segments 900, 902. When a user 500 uses his smartcard 300 to ride the city bus, a reader 504 for a user application 310 sends a command to the smartcard 300 to identify a first location 904 to decrement the fare and a second location 906 to increment the number of rides accrued before receiving a free ride. The value data 908, 910 associated with both the first and second locations 904, 906 are copied into the backup memory buffer 312 in designated segments 900, 902 of the backup memory buffer 312 before the processing element 301 decrements the fare from the first value data 908 and increments the number of rides from the second data value 910. The transaction is complete for all value data 908, 910 stored in the backup memory buffer 312 (in this case, the fare and the number of rides) when the reader 504 transmits the COMMIT command and the smartcard 300 transmits the ACK COMMIT command. Thus, a single COMMIT command from the reader 504 and a single ACK COMMIT command from the smartcard 300 completes the transactions for all value data (in this case, 908, 910) stored in the backup memory buffer 312.
While the invention has been described in conjunction with a specific embodiment thereof, additional advantages and modifications will readily occur to those skilled in the art. For example, a further alternative embodiment is shown in FIG. 10, a storage medium 1000 having stored thereon a plurality of user applications 1004, 1006 and a backup memory buffer 1008 which, when loaded into a portable data device 1010 having a processing element 1012, causes the processing element 1012 to perform the following functions: share the backup memory buffer 1008 with the plurality of user applications 1004, 1006; store a valid state of data from a memory location 1014 in the storage medium 1000 into the backup memory buffer 1008 prior to performing a transaction for an application; and restore the valid state of data from the backup memory buffer 1008 into the memory location 1014 upon receiving power at the portable data device 1010 in an event the transaction is terminated prior to completion, independent of a next application in which a next transaction is performed. A set of instructions 1016 which instructs the processing element 1012 to perform the functions can either be stored on the storage medium 1000, or alternatively on the portable data device 1010.
In addition, the storage medium 1000, when loaded into the portable data device 1010, could also cause the processing element 1012 to perform the functions described in FIG. 6 and/or FIG. 8.
In the further alternative embodiment illustrated with respect to FIG. 10, the portable data device 1010 is a personal digital assistant, a cellular telephone, a laptop computer or any other portable device that is capable of receiving the storage medium 1000. The portable data device 1010 optionally comprises a display area 1018 to allow the user 500 to read text messages from a user application and/or application controller as in the preferred embodiment (shown in FIG. 3).
The storage medium device 1000, such as a diskette, cartridge, smartcard, compact disc (miniature or full size) or any other medium capable of storing thereon the plurality of user applications 1002, 1004, 1006 the backup memory buffer, the processing element 1012 and the set of instructions 1016, singularly or in any type of combination, is inserted into the portable data device 1010.
The processing element 1012 is a microprocessor, microcomputer, microcontroller, a dedicated logic element or any other processing element capable of executing the methodology and/or steps of the present invention as described in detail above.
In yet a further embodiment, the storage medium 1000 could have the set of instructions 1016, a non-volatile memory 1002 and a processing element 1012 stored thereon, wherein the non-volatile memory 1002 is mapped into a plurality of segments 1004, 1006, and having a backup memory buffer 1008 which, when loaded into the portable data device 1010, causes the storage medium 1000 to perform the following functions: share the backup memory buffer 1008 with the plurality of user applications 1004, 1006; store a valid state of data from a memory location 1014 in the nonvolatile memory 1002 into the backup memory buffer 1008 prior to performing a transaction for a user application; and restore the valid state of data from the backup memory buffer 1008 into the memory location 1014 upon power up of the portable data device 1010 in an event the transaction is terminated prior to completion, independent of a next application in which a next transaction is performed.
In addition, the set of instructions stored on the storage medium 1000 could cause the storage medium 1000 to perform the functions of FIG. 6 and/or FIG. 8. As such, the plurality of user applications 1004, 1006 and the backup memory buffer 1008 could reside on either the storage medium 1000 or the portable data device 1010, and the set of instructions 1016 used to perform any of the functions described above can reside either on the storage medium 1000 or the portable data device 1010.
Thus, the invention, in its broader aspects, is therefore not limited to the specific details, representative apparatus, and illustrative examples shown and described. Various alterations, modifications and variations will be apparent to those skilled in the art in light of the foregoing description. Thus, it should be understood that the invention is not limited by the foregoing description, but embraces all such alterations, modifications and variations in accordance with the spirit and scope of the appended claims.

Claims (20)

We claim:
1. A data backup and restoration method for a portable data device comprising the steps of:
mapping a memory device into a plurality of segments, and having a backup memory buffer;
loading a plurality of user applications into the plurality of segments, wherein the backup memory buffer is shared by the plurality of user applications;
storing a valid state of data from a memory location into the backup memory buffer prior to performing a transaction for an application; and
restoring the valid state of data from the backup memory buffer into the memory location upon power up of the portable data device in an event the transaction is terminated prior to completion, wherein the step of restoring is independent of a next application in which a next transaction is performed.
2. The data backup and restoration method in accordance with claim 1 wherein the portable data device is a smartcard.
3. A data backup and restoration method for use within a portable data device having a memory device segmented into a plurality of sectors, the memory device further comprising a backup memory buffer, the data backup and restoration method comprising the steps of:
receiving power from a reader;
receiving a command from the reader to access data stored at a memory location within the memory device, wherein the data is used to perform a transaction;
copying the data from the memory location into the backup memory buffer, in order to create backup data, prior to performing the transaction;
setting a flag bit, in response to copying the data, to indicate that the transaction is incomplete;
determining a status of the flag bit upon a next receipt of power from a reader; and
copying the backup data into the memory location when the status of the flag bit is set, wherein the step of copying the backup data is independent of a reader.
4. The data backup and restoration method in accordance with claim 3 wherein a reader is controlled by an application controller, and wherein the step of copying the backup data is also independent of the application controller.
5. The data backup and restoration method in accordance with claim 4 wherein the application controller is one of the following: a retail store, a restaurant, a bank, a transit authority and a college campus.
6. The data backup and restoration method in accordance with claim 3 further comprising clearing the flag bit only when the transaction is successfully completed.
7. The data backup and restoration method in accordance with claim 6 wherein the transaction is successfully completed when both the portable data device and the reader agree to commit to the transaction.
8. The data backup and restoration method in accordance with claim 3 wherein the step of receiving power comprises entering a radio frequency field exerted from the reader.
9. The data back and restoration method in accordance with claim 3 wherein the step of receiving power comprises transmitting an infrared signal to the reader.
10. The data backup and restoration method in accordance with claim 3 wherein the step of receiving power comprises establishing an electrical contact with the reader.
11. The data backup and restoration method in accordance with claim 3 further comprising loading a plurality of user applications into the plurality of sectors, each user application being controlled by an application controller and each sector having a unique set of memory block locations, wherein each application controller programs any type of data in each memory block location within a sector.
12. The data backup and restoration method in accordance with claim 11 wherein the application controller can move data programmed in a first memory block location to a second memory block location at any given time.
13. The data backup and restoration method in accordance with claim 11 wherein the sector in which a particular user application is loaded into is independent of an order in which the particular user application is loaded onto the portable data device.
14. A data backup and restoration method for use within a portable data device having a memory device segmented into a plurality of sectors, the memory device further comprising a backup memory buffer, the data backup and restoration method comprising the steps of:
receiving power from a reader;
receiving a command from the reader to access first data stored at a first memory location in the memory device and second data stored at a second memory location in the memory device, wherein the first and second memory locations are controlled by the reader, and wherein the first data and the second data are used to perform a transaction;
copying the first data from the first memory location into a first segment of the backup memory buffer in order to create a first backup data and copying the second data from the second memory location into a second segment of the backup memory buffer in order to create a second backup data prior to performing the transaction;
setting a flag bit, in response to the step of copying the first data, to indicate that the transaction is incomplete;
upon a next receipt of power from a reader, determining a status of the flag bit; and
copying the first backup data into the first memory location and copying the second backup data into the second memory location when the status of the flag bit is set, wherein the step of copying the first backup data is independent of a reader.
15. A data backup and restoration apparatus having stored thereon a plurality of user applications and a backup memory buffer, the backup memory buffer being common to the plurality of user applications, when the data backup and restoration apparatus receives power from a reader in order to perform a transaction on data stored at a memory location, the data is copied from the memory location into the backup memory buffer prior to performing the transaction, and upon a next receipt of power from a reader, the data is copied from the backup memory buffer into the memory location in an event the transaction is terminated prematurely independent of a reader.
16. The data backup and restoration apparatus in accordance with claim 15 further comprising an electrically erasable programmable read-only-memory in which the plurality of user applications and the backup memory buffer are stored.
17. The data backup and restoration apparatus in accordance with claim 15 wherein the data backup and restoration apparatus further comprises a display area.
18. A storage medium having stored thereon a plurality of user applications and a backup memory buffer which, when loaded into a portable data device having a processing element, causes the processing element to perform the following functions:
share the backup memory buffer with the plurality of user applications;
store a valid state of data from a memory location in the storage medium into the backup memory buffer prior to performing a transaction for an application; and
restore the valid state of data from the backup memory buffer into the memory location upon power up of the portable data device in an event the transaction is terminated prior to completion, independent of a next application in which a next transaction is performed.
19. The storage medium in accordance with claim 18 wherein the portable data device is a personal digital assistant.
20. The storage medium in accordance with claim 18 wherein the portable data device is a cellular telephone.
US09/360,571 1999-07-26 1999-07-26 Method and apparatus for data backup and restoration in a portable data device Expired - Lifetime US6317755B1 (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
US09/360,571 US6317755B1 (en) 1999-07-26 1999-07-26 Method and apparatus for data backup and restoration in a portable data device
PCT/US2000/018272 WO2001008049A1 (en) 1999-07-26 2000-06-30 Method and apparatus for data backup and restoration in a portable data device
AU60665/00A AU6066500A (en) 1999-07-26 2000-06-30 Method and apparatus for data backup and restoration in a portable data device
TW089113395A TW466448B (en) 1999-07-26 2000-07-06 Method and apparatus for data backup and restoration in a portable data device
ARP000103830A AR024926A1 (en) 1999-07-26 2000-07-25 METHOD AND APPLIANCE FOR DATA SECURITY AND RECOVERY IN A PORTABLE DATA DEVICE.

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US09/360,571 US6317755B1 (en) 1999-07-26 1999-07-26 Method and apparatus for data backup and restoration in a portable data device

Publications (1)

Publication Number Publication Date
US6317755B1 true US6317755B1 (en) 2001-11-13

Family

ID=23418574

Family Applications (1)

Application Number Title Priority Date Filing Date
US09/360,571 Expired - Lifetime US6317755B1 (en) 1999-07-26 1999-07-26 Method and apparatus for data backup and restoration in a portable data device

Country Status (5)

Country Link
US (1) US6317755B1 (en)
AR (1) AR024926A1 (en)
AU (1) AU6066500A (en)
TW (1) TW466448B (en)
WO (1) WO2001008049A1 (en)

Cited By (74)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010051519A1 (en) * 2000-06-12 2001-12-13 Kouji Shirai Portable telephone set
US20020090971A1 (en) * 2000-11-22 2002-07-11 Nec Corporation User setting information management method and management system for portable telephone
US20020116478A1 (en) * 2001-02-20 2002-08-22 Pierre Paradinas Adaptation of service applications to heterogeneous execution context by means of smart cards
US20030071718A1 (en) * 1996-04-01 2003-04-17 Kelly Guy M. Anti-tear protection for smart card transactions
US20030135524A1 (en) * 2001-09-06 2003-07-17 Cane David A. Data backup
US20030144002A1 (en) * 2000-02-15 2003-07-31 David Chambers Method for operating a user station in a cellular communication system
US20030233393A1 (en) * 2002-06-14 2003-12-18 Xiao-Feng Li Thread optimization for lock and unlock operations in a multi-thread environment
US20040045027A1 (en) * 2002-05-22 2004-03-04 Sony Corporation Portable information terminal, a control method for a portable information terminal, a program of a method of controlling a personal information terminal and a recording medium having recorded therein a program of a method of controlling a personal information terminal
US6718466B1 (en) * 1999-04-10 2004-04-06 Basis Gmbh, Edv-Vertriebs-Gesellschaft Data medium with restorable original base data content, and method for its production
US20040134746A1 (en) * 2002-10-11 2004-07-15 Masaru Miyaji Automatic fare paying device for vehicles and method
US6804690B1 (en) * 2000-12-27 2004-10-12 Emc Corporation Method for physical backup in data logical order
US20040235514A1 (en) * 2001-07-18 2004-11-25 Stephen Bloch Data security device
US20050102257A1 (en) * 2003-11-07 2005-05-12 Onyon Richard M. Personal information space management system and method
US20050191998A1 (en) * 2004-02-27 2005-09-01 Onyon Richard M. Wireless telephone data backup system
US7027805B1 (en) * 1999-08-05 2006-04-11 Matsushita Electric Industrial Co., Ltd. Mobile communication terminal
US20060090112A1 (en) * 2004-10-08 2006-04-27 International Business Machines Corporation Memory device verification of multiple write operations
US20060187031A1 (en) * 2005-02-07 2006-08-24 Impinj. Inc. Selecting RFID tags using memory-mapped parameters
US20070011416A1 (en) * 2005-07-08 2007-01-11 Lee Sung-Woo Data storage device and medium and related method of storing backup data
US20070044081A1 (en) * 2005-08-17 2007-02-22 Sun Microsystems, Inc. Application-responsive markup language parser
US20070053335A1 (en) * 2005-05-19 2007-03-08 Richard Onyon Mobile device address book builder
US20070223633A1 (en) * 2006-03-22 2007-09-27 Garrity Douglas A Non-overlapping multi-stage clock generator system
DE102006027200A1 (en) * 2006-06-12 2007-12-27 Giesecke & Devrient Gmbh Data carrier and method for contactless communication between the data carrier and a reading device
US20070296544A1 (en) * 2001-07-10 2007-12-27 American Express Travel Related Services Company, Inc. Method for using a sensor to register a biometric for use with a transponder-reader system related applications
US20080021840A1 (en) * 2001-07-10 2008-01-24 American Express Travel Related Services Company, Inc. Method and system for hand geometry recognition biometrics on a fob
US20080046379A1 (en) * 2001-07-10 2008-02-21 American Express Travel Related Services Company, Inc. System and method for proffering multiple biometrics for use with a fob
US20080120353A1 (en) * 2006-11-21 2008-05-22 Samsung Electronics Co., Ltd. Electronic device having file restore function and method thereof
US20090044012A1 (en) * 2001-07-10 2009-02-12 Xatra Fund Mx, Llc Rf transaction authentication using a random number
US7499888B1 (en) 2001-03-16 2009-03-03 Fusionone, Inc. Transaction authentication system and method
US20090079546A1 (en) * 2001-07-10 2009-03-26 Xatra Fund Mx, Llc Dna sample data in a transponder transaction
US20090106157A1 (en) * 2001-07-10 2009-04-23 Xatra Fund Mx, Llc Funding a Radio Frequency Device Transaction
US20090125446A1 (en) * 2001-07-10 2009-05-14 American Express Travel Related Services Company, Inc. System and Method for Secure Transactions Manageable by a Transaction Account Provider
US7587446B1 (en) 2000-11-10 2009-09-08 Fusionone, Inc. Acquisition and synchronization of digital media to a personal information space
US7668750B2 (en) 2001-07-10 2010-02-23 David S Bonalle Securing RF transactions using a transactions counter
US20100049988A1 (en) * 2006-11-16 2010-02-25 Boris Birman Method for access to a portable memory data support with auxiliary module and portable memory data support
US7705732B2 (en) 2001-07-10 2010-04-27 Fred Bishop Authenticating an RF transaction using a transaction counter
US7725427B2 (en) 2001-05-25 2010-05-25 Fred Bishop Recurrent billing maintenance with radio frequency payment devices
US7746215B1 (en) 2001-07-10 2010-06-29 Fred Bishop RF transactions using a wireless reader grid
US20100205149A1 (en) * 2009-02-09 2010-08-12 Kabushiki Kaisha Toshiba Mobile electronic apparatus and data management method in mobile electronic apparatus
US7793845B2 (en) 2004-07-01 2010-09-14 American Express Travel Related Services Company, Inc. Smartcard transaction system and method
US7814332B2 (en) 2001-07-10 2010-10-12 Blayn W Beenau Voiceprint biometrics on a payment device
US7818435B1 (en) 2000-12-14 2010-10-19 Fusionone, Inc. Reverse proxy mechanism for retrieving electronic content associated with a local network
US20100313194A1 (en) * 2007-04-09 2010-12-09 Anupam Juneja System and method for preserving device parameters during a fota upgrade
US20110010283A1 (en) * 2009-07-09 2011-01-13 Eddie Williams E-card
US7889052B2 (en) 2001-07-10 2011-02-15 Xatra Fund Mx, Llc Authorizing payment subsequent to RF transactions
US7895334B1 (en) 2000-07-19 2011-02-22 Fusionone, Inc. Remote access communication architecture apparatus and method
US7988038B2 (en) 2001-07-10 2011-08-02 Xatra Fund Mx, Llc System for biometric security using a fob
US8001054B1 (en) 2001-07-10 2011-08-16 American Express Travel Related Services Company, Inc. System and method for generating an unpredictable number using a seeded algorithm
US8049594B1 (en) 2004-11-30 2011-11-01 Xatra Fund Mx, Llc Enhanced RFID instrument security
US8073954B1 (en) 2000-07-19 2011-12-06 Synchronoss Technologies, Inc. Method and apparatus for a secure remote access system
USRE43157E1 (en) 2002-09-12 2012-02-07 Xatra Fund Mx, Llc System and method for reassociating an account number to another transaction account
US8156074B1 (en) 2000-01-26 2012-04-10 Synchronoss Technologies, Inc. Data transfer and synchronization system
US8181111B1 (en) 2007-12-31 2012-05-15 Synchronoss Technologies, Inc. System and method for providing social context to digital activity
USRE43460E1 (en) 2000-01-21 2012-06-12 Xatra Fund Mx, Llc Public/private dual card system and method
US20120150670A1 (en) * 2009-01-06 2012-06-14 Access Business Group International Llc Wireless power delivery during payment
US8255006B1 (en) 2009-11-10 2012-08-28 Fusionone, Inc. Event dependent notification system and method
US20120284551A1 (en) * 2009-11-25 2012-11-08 Junhua Zhao Deep standby method and device for embedded system
US8442943B2 (en) 2000-01-26 2013-05-14 Synchronoss Technologies, Inc. Data transfer and synchronization between mobile systems using change log
US8611873B2 (en) 2004-05-12 2013-12-17 Synchronoss Technologies, Inc. Advanced contact identification system
US8615566B1 (en) 2001-03-23 2013-12-24 Synchronoss Technologies, Inc. Apparatus and method for operational support of remote network systems
US8620286B2 (en) 2004-02-27 2013-12-31 Synchronoss Technologies, Inc. Method and system for promoting and transferring licensed content and applications
US8645471B2 (en) 2003-07-21 2014-02-04 Synchronoss Technologies, Inc. Device message management system
US20140226678A1 (en) * 2013-02-14 2014-08-14 Alaxala Networks Corporation Communication apparatus and frame processing method
US8818907B2 (en) 2000-03-07 2014-08-26 Xatra Fund Mx, Llc Limiting access to account information during a radio frequency transaction
US8872619B2 (en) 2001-07-10 2014-10-28 Xatra Fund Mx, Llc Securing a transaction between a transponder and a reader
US8943428B2 (en) 2010-11-01 2015-01-27 Synchronoss Technologies, Inc. System for and method of field mapping
US20150081946A1 (en) * 2012-04-02 2015-03-19 Morpho Method of in-memory modification of a data set
US9024719B1 (en) * 2001-07-10 2015-05-05 Xatra Fund Mx, Llc RF transaction system and method for storing user personal data
US9031880B2 (en) 2001-07-10 2015-05-12 Iii Holdings 1, Llc Systems and methods for non-traditional payment using biometric data
USRE45615E1 (en) 2001-07-10 2015-07-14 Xatra Fund Mx, Llc RF transaction device
US20160266974A1 (en) * 2015-03-10 2016-09-15 Kabushiki Kaisha Toshiba Memory controller, data storage device and data write method
US9454752B2 (en) 2001-07-10 2016-09-27 Chartoleaux Kg Limited Liability Company Reload protocol at a transaction processing entity
US9542076B1 (en) 2004-05-12 2017-01-10 Synchronoss Technologies, Inc. System for and method of updating a personal profile
US20180011914A1 (en) * 2015-08-28 2018-01-11 Hewlett Packard Enterprise Development Lp Collision handling during an asynchronous replication
US9881294B2 (en) 2001-07-10 2018-01-30 Chartoleaux Kg Limited Liability Company RF payment via a mobile device

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
SG133613A1 (en) * 2004-06-14 2007-07-30 Sony Corp Information management device and information management method
CN100535935C (en) * 2006-12-26 2009-09-02 北京握奇数据系统有限公司 CPUCPU and logic encryption double-purpose smart card and its data synchronization method
FR3051061B1 (en) * 2016-05-03 2019-09-20 Idemia Identity And Security METHOD FOR BACKING UP AND RESTORING DATA OF A SECURE ELEMENT

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4839640A (en) * 1984-09-24 1989-06-13 Adt Inc. Access control system having centralized/distributed control
US5448045A (en) * 1992-02-26 1995-09-05 Clark; Paul C. System for protecting computers via intelligent tokens or smart cards
US5455946A (en) * 1993-05-21 1995-10-03 International Business Machines Corporation Method and means for archiving modifiable pages in a log based transaction management system
US5608720A (en) * 1993-03-09 1997-03-04 Hubbell Incorporated Control system and operations system interface for a network element in an access system
US5724581A (en) * 1993-12-20 1998-03-03 Fujitsu Limited Data base management system for recovering from an abnormal condition
US5813009A (en) * 1995-07-28 1998-09-22 Univirtual Corp. Computer based records management system method
US6253193B1 (en) * 1995-02-13 2001-06-26 Intertrust Technologies Corporation Systems and methods for the secure transaction management and electronic rights protection
US6272341B1 (en) * 1995-11-30 2001-08-07 Motient Services Inc. Network engineering/systems engineering system for mobile satellite communication system

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4839640A (en) * 1984-09-24 1989-06-13 Adt Inc. Access control system having centralized/distributed control
US5448045A (en) * 1992-02-26 1995-09-05 Clark; Paul C. System for protecting computers via intelligent tokens or smart cards
US5608720A (en) * 1993-03-09 1997-03-04 Hubbell Incorporated Control system and operations system interface for a network element in an access system
US5455946A (en) * 1993-05-21 1995-10-03 International Business Machines Corporation Method and means for archiving modifiable pages in a log based transaction management system
US5724581A (en) * 1993-12-20 1998-03-03 Fujitsu Limited Data base management system for recovering from an abnormal condition
US6253193B1 (en) * 1995-02-13 2001-06-26 Intertrust Technologies Corporation Systems and methods for the secure transaction management and electronic rights protection
US5813009A (en) * 1995-07-28 1998-09-22 Univirtual Corp. Computer based records management system method
US6272341B1 (en) * 1995-11-30 2001-08-07 Motient Services Inc. Network engineering/systems engineering system for mobile satellite communication system

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
Fancher, Carol, "In your pocket: smartcards", IEEE Spectrum, Feb. 1997, vol.: 34, Issue: 2, pp. 47-53.*
Low, David A., "An Object Oriented Model for Distributed Backup and Archive", COMPCON '95. Digest of Papers "Technologies for the Information Superhoghway', Mar. 5-9, 1995, pp. 428-433.*
Low, David A., "An Object Oriented Model for Distributed Backup and Archive", COMPCON '95. Digest of Papers ‘Technologies for the Information Superhoghway’, Mar. 5-9, 1995, pp. 428-433.*
Mihara, Masaaki et al., "Row-Redundancy Scheme for High-Density Flash Memory", 1994 IEEE International Solid-state Circuits Conference, Digest of Technical Papers, Feb. 16-18, 1994, pp. 150-515. *

Cited By (128)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030071718A1 (en) * 1996-04-01 2003-04-17 Kelly Guy M. Anti-tear protection for smart card transactions
US6727802B2 (en) * 1996-04-01 2004-04-27 Guy M. Kelly Anti-tear protection for smart card transactions
US6718466B1 (en) * 1999-04-10 2004-04-06 Basis Gmbh, Edv-Vertriebs-Gesellschaft Data medium with restorable original base data content, and method for its production
US7027805B1 (en) * 1999-08-05 2006-04-11 Matsushita Electric Industrial Co., Ltd. Mobile communication terminal
USRE43460E1 (en) 2000-01-21 2012-06-12 Xatra Fund Mx, Llc Public/private dual card system and method
US8621025B2 (en) 2000-01-25 2013-12-31 Synchronoss Technologis, Inc. Mobile data transfer and synchronization system
US8315976B2 (en) 2000-01-26 2012-11-20 Synchronoss Technologies, Inc. Data transfer and synchronization system
US8442943B2 (en) 2000-01-26 2013-05-14 Synchronoss Technologies, Inc. Data transfer and synchronization between mobile systems using change log
US8156074B1 (en) 2000-01-26 2012-04-10 Synchronoss Technologies, Inc. Data transfer and synchronization system
US6963730B2 (en) * 2000-02-15 2005-11-08 Motorola, Inc. Method for operating a user station in a cellular communication system
US20030144002A1 (en) * 2000-02-15 2003-07-31 David Chambers Method for operating a user station in a cellular communication system
US8818907B2 (en) 2000-03-07 2014-08-26 Xatra Fund Mx, Llc Limiting access to account information during a radio frequency transaction
US20010051519A1 (en) * 2000-06-12 2001-12-13 Kouji Shirai Portable telephone set
US7181198B2 (en) * 2000-06-12 2007-02-20 Nec Corporation Program rewriting system and method for a portable telephone set
US8073954B1 (en) 2000-07-19 2011-12-06 Synchronoss Technologies, Inc. Method and apparatus for a secure remote access system
US7895334B1 (en) 2000-07-19 2011-02-22 Fusionone, Inc. Remote access communication architecture apparatus and method
US7587446B1 (en) 2000-11-10 2009-09-08 Fusionone, Inc. Acquisition and synchronization of digital media to a personal information space
US6839568B2 (en) * 2000-11-22 2005-01-04 Nec Corporation User setting information management method and management system for portable telephone
US20020090971A1 (en) * 2000-11-22 2002-07-11 Nec Corporation User setting information management method and management system for portable telephone
US7818435B1 (en) 2000-12-14 2010-10-19 Fusionone, Inc. Reverse proxy mechanism for retrieving electronic content associated with a local network
US6804690B1 (en) * 2000-12-27 2004-10-12 Emc Corporation Method for physical backup in data logical order
US20020116478A1 (en) * 2001-02-20 2002-08-22 Pierre Paradinas Adaptation of service applications to heterogeneous execution context by means of smart cards
US6862614B2 (en) * 2001-02-20 2005-03-01 Gemplus Adaptation of service applications to heterogeneous execution context by means of smart cards
US7499888B1 (en) 2001-03-16 2009-03-03 Fusionone, Inc. Transaction authentication system and method
US8615566B1 (en) 2001-03-23 2013-12-24 Synchronoss Technologies, Inc. Apparatus and method for operational support of remote network systems
US7725427B2 (en) 2001-05-25 2010-05-25 Fred Bishop Recurrent billing maintenance with radio frequency payment devices
US20100265038A1 (en) * 2001-07-10 2010-10-21 American Express Travel Related Services Company, Inc. Method and system for hand geometry recognition biometrics on a fob
US7814332B2 (en) 2001-07-10 2010-10-12 Blayn W Beenau Voiceprint biometrics on a payment device
US8548927B2 (en) 2001-07-10 2013-10-01 Xatra Fund Mx, Llc Biometric registration for facilitating an RF transaction
US8418918B2 (en) 2001-07-10 2013-04-16 American Express Travel Related Services Company, Inc. System and method for secure transactions manageable by a transaction account provider
US10839388B2 (en) 2001-07-10 2020-11-17 Liberty Peak Ventures, Llc Funding a radio frequency device transaction
US9886692B2 (en) 2001-07-10 2018-02-06 Chartoleaux Kg Limited Liability Company Securing a transaction between a transponder and a reader
US20070296544A1 (en) * 2001-07-10 2007-12-27 American Express Travel Related Services Company, Inc. Method for using a sensor to register a biometric for use with a transponder-reader system related applications
US20080021840A1 (en) * 2001-07-10 2008-01-24 American Express Travel Related Services Company, Inc. Method and system for hand geometry recognition biometrics on a fob
US20080046379A1 (en) * 2001-07-10 2008-02-21 American Express Travel Related Services Company, Inc. System and method for proffering multiple biometrics for use with a fob
US9881294B2 (en) 2001-07-10 2018-01-30 Chartoleaux Kg Limited Liability Company RF payment via a mobile device
US8294552B2 (en) 2001-07-10 2012-10-23 Xatra Fund Mx, Llc Facial scan biometrics on a payment device
US20090044012A1 (en) * 2001-07-10 2009-02-12 Xatra Fund Mx, Llc Rf transaction authentication using a random number
US8289136B2 (en) 2001-07-10 2012-10-16 Xatra Fund Mx, Llc Hand geometry biometrics on a payment device
US8284025B2 (en) 2001-07-10 2012-10-09 Xatra Fund Mx, Llc Method and system for auditory recognition biometrics on a FOB
US8279042B2 (en) 2001-07-10 2012-10-02 Xatra Fund Mx, Llc Iris scan biometrics on a payment device
US20090079546A1 (en) * 2001-07-10 2009-03-26 Xatra Fund Mx, Llc Dna sample data in a transponder transaction
US20090106157A1 (en) * 2001-07-10 2009-04-23 Xatra Fund Mx, Llc Funding a Radio Frequency Device Transaction
US20090119220A1 (en) * 2001-07-10 2009-05-07 Xatra Fund Mx, Llc Authorized sample receiver
US20090125401A1 (en) * 2001-07-10 2009-05-14 Xatra Fund Mx, Llc Biometric authorization of an rf transaction
US20090125446A1 (en) * 2001-07-10 2009-05-14 American Express Travel Related Services Company, Inc. System and Method for Secure Transactions Manageable by a Transaction Account Provider
US20090171851A1 (en) * 2001-07-10 2009-07-02 Xatra Fund Mx, Llc Registering a biometric for radio frequency transactions
US8635165B2 (en) 2001-07-10 2014-01-21 Xatra Fund Mx, Llc Biometric authorization of an RF transaction
US8074889B2 (en) 2001-07-10 2011-12-13 Xatra Fund Mx, Llc System for biometric security using a fob
US8066181B2 (en) 2001-07-10 2011-11-29 Xatra Fund Mx, Llc RF transaction authentication using a random number
US8016201B2 (en) 2001-07-10 2011-09-13 Xatra Fund Mx, Llc Authorized sample receiver
US7668750B2 (en) 2001-07-10 2010-02-23 David S Bonalle Securing RF transactions using a transactions counter
US9454752B2 (en) 2001-07-10 2016-09-27 Chartoleaux Kg Limited Liability Company Reload protocol at a transaction processing entity
US7690577B2 (en) 2001-07-10 2010-04-06 Blayn W Beenau Registering a biometric for radio frequency transactions
US7705732B2 (en) 2001-07-10 2010-04-27 Fred Bishop Authenticating an RF transaction using a transaction counter
US9336634B2 (en) 2001-07-10 2016-05-10 Chartoleaux Kg Limited Liability Company Hand geometry biometrics on a payment device
US7746215B1 (en) 2001-07-10 2010-06-29 Fred Bishop RF transactions using a wireless reader grid
US9129453B2 (en) 2001-07-10 2015-09-08 Xatra Fund Mx, Llc DNA sample data in a transponder transaction
US20100201484A1 (en) * 2001-07-10 2010-08-12 Fred Bishop Rf transactions using a wireless reader grid
US7780091B2 (en) 2001-07-10 2010-08-24 Beenau Blayn W Registering a biometric for radio frequency transactions
US8009018B2 (en) 2001-07-10 2011-08-30 Xatra Fund Mx, Llc RF transactions using a wireless reader grid
USRE45615E1 (en) 2001-07-10 2015-07-14 Xatra Fund Mx, Llc RF transaction device
US8001054B1 (en) 2001-07-10 2011-08-16 American Express Travel Related Services Company, Inc. System and method for generating an unpredictable number using a seeded algorithm
US7988038B2 (en) 2001-07-10 2011-08-02 Xatra Fund Mx, Llc System for biometric security using a fob
US9031880B2 (en) 2001-07-10 2015-05-12 Iii Holdings 1, Llc Systems and methods for non-traditional payment using biometric data
US9024719B1 (en) * 2001-07-10 2015-05-05 Xatra Fund Mx, Llc RF transaction system and method for storing user personal data
USRE45416E1 (en) 2001-07-10 2015-03-17 Xatra Fund Mx, Llc Processing an RF transaction using a routing number
US7886157B2 (en) 2001-07-10 2011-02-08 Xatra Fund Mx, Llc Hand geometry recognition biometrics on a fob
US8872619B2 (en) 2001-07-10 2014-10-28 Xatra Fund Mx, Llc Securing a transaction between a transponder and a reader
US7889052B2 (en) 2001-07-10 2011-02-15 Xatra Fund Mx, Llc Authorizing payment subsequent to RF transactions
US7054594B2 (en) * 2001-07-18 2006-05-30 Data Transfer & Communication Limited Data security device
US20040235514A1 (en) * 2001-07-18 2004-11-25 Stephen Bloch Data security device
US20030135524A1 (en) * 2001-09-06 2003-07-17 Cane David A. Data backup
US7509356B2 (en) * 2001-09-06 2009-03-24 Iron Mountain Incorporated Data backup
US20040045027A1 (en) * 2002-05-22 2004-03-04 Sony Corporation Portable information terminal, a control method for a portable information terminal, a program of a method of controlling a personal information terminal and a recording medium having recorded therein a program of a method of controlling a personal information terminal
US20070129070A1 (en) * 2002-05-22 2007-06-07 Sony Corporation Portable information terminal, a control method for a portable information terminal, a program of a method of controlling a personal information terminal and a recording medium having recorded therein a program of a method of controlling a personal information terminal
US9474103B2 (en) 2002-05-22 2016-10-18 Sony Corporation Portable information terminal, a control method for a portable information terminal, a program of a method of controlling a personal information terminal and a recording medium having recorded therein a program of a method of controlling a personal information terminal
US7221957B2 (en) * 2002-05-22 2007-05-22 Sony Corporation Portable information terminal, a control method for a portable information terminal, a program of a method of controlling a personal information terminal and a recording medium having recorded therein a program of a method of controlling a personal information terminal
US20030233393A1 (en) * 2002-06-14 2003-12-18 Xiao-Feng Li Thread optimization for lock and unlock operations in a multi-thread environment
US7117498B2 (en) * 2002-06-14 2006-10-03 Intel Corporation Thread optimization for lock and unlock operations in a multi-thread environment
USRE43157E1 (en) 2002-09-12 2012-02-07 Xatra Fund Mx, Llc System and method for reassociating an account number to another transaction account
US20040134746A1 (en) * 2002-10-11 2004-07-15 Masaru Miyaji Automatic fare paying device for vehicles and method
US7191933B2 (en) * 2002-10-11 2007-03-20 Asahi Seiko Kabushiki Kaisha Automatic fare paying device for vehicles and method
US8645471B2 (en) 2003-07-21 2014-02-04 Synchronoss Technologies, Inc. Device message management system
US9615221B1 (en) 2003-07-21 2017-04-04 Synchronoss Technologies, Inc. Device message management system
US9723460B1 (en) 2003-07-21 2017-08-01 Synchronoss Technologies, Inc. Device message management system
US20050102257A1 (en) * 2003-11-07 2005-05-12 Onyon Richard M. Personal information space management system and method
US8620286B2 (en) 2004-02-27 2013-12-31 Synchronoss Technologies, Inc. Method and system for promoting and transferring licensed content and applications
US20050191998A1 (en) * 2004-02-27 2005-09-01 Onyon Richard M. Wireless telephone data backup system
US7505762B2 (en) * 2004-02-27 2009-03-17 Fusionone, Inc. Wireless telephone data backup system
US20080208617A1 (en) * 2004-02-27 2008-08-28 Onyon Richard M Wireless telephone data backup system
US7643824B2 (en) * 2004-02-27 2010-01-05 Cooligy Inc Wireless telephone data backup system
US9542076B1 (en) 2004-05-12 2017-01-10 Synchronoss Technologies, Inc. System for and method of updating a personal profile
US8611873B2 (en) 2004-05-12 2013-12-17 Synchronoss Technologies, Inc. Advanced contact identification system
US8016191B2 (en) 2004-07-01 2011-09-13 American Express Travel Related Services Company, Inc. Smartcard transaction system and method
US7793845B2 (en) 2004-07-01 2010-09-14 American Express Travel Related Services Company, Inc. Smartcard transaction system and method
US20060090112A1 (en) * 2004-10-08 2006-04-27 International Business Machines Corporation Memory device verification of multiple write operations
US7603528B2 (en) * 2004-10-08 2009-10-13 International Business Machines Corporation Memory device verification of multiple write operations
US8264321B2 (en) 2004-11-30 2012-09-11 Xatra Fund Mx, Llc System and method for enhanced RFID instrument security
US9262655B2 (en) 2004-11-30 2016-02-16 Qualcomm Fyx, Inc. System and method for enhanced RFID instrument security
US8698595B2 (en) 2004-11-30 2014-04-15 QUALCOMM Incorporated4 System and method for enhanced RFID instrument security
US8049594B1 (en) 2004-11-30 2011-11-01 Xatra Fund Mx, Llc Enhanced RFID instrument security
US20060187031A1 (en) * 2005-02-07 2006-08-24 Impinj. Inc. Selecting RFID tags using memory-mapped parameters
US20070053335A1 (en) * 2005-05-19 2007-03-08 Richard Onyon Mobile device address book builder
US20070011416A1 (en) * 2005-07-08 2007-01-11 Lee Sung-Woo Data storage device and medium and related method of storing backup data
US20070044081A1 (en) * 2005-08-17 2007-02-22 Sun Microsystems, Inc. Application-responsive markup language parser
US7885965B2 (en) * 2005-08-17 2011-02-08 Oracle America, Inc. Application-responsive markup language parser
US7649957B2 (en) 2006-03-22 2010-01-19 Freescale Semiconductor, Inc. Non-overlapping multi-stage clock generator system
US20070223633A1 (en) * 2006-03-22 2007-09-27 Garrity Douglas A Non-overlapping multi-stage clock generator system
DE102006027200A1 (en) * 2006-06-12 2007-12-27 Giesecke & Devrient Gmbh Data carrier and method for contactless communication between the data carrier and a reading device
US8950006B2 (en) * 2006-11-16 2015-02-03 Giesecke & Devrient Gmbh Method for access to a portable memory data support with auxiliary module and portable memory data support
US20100049988A1 (en) * 2006-11-16 2010-02-25 Boris Birman Method for access to a portable memory data support with auxiliary module and portable memory data support
US20080120353A1 (en) * 2006-11-21 2008-05-22 Samsung Electronics Co., Ltd. Electronic device having file restore function and method thereof
US7809684B2 (en) * 2006-11-21 2010-10-05 Samsung Electronics Co., Ltd. Electronic device having file restore function and method thereof
US20100313194A1 (en) * 2007-04-09 2010-12-09 Anupam Juneja System and method for preserving device parameters during a fota upgrade
US8726259B2 (en) * 2007-04-09 2014-05-13 Kyocera Corporation System and method for preserving device parameters during a FOTA upgrade
US8181111B1 (en) 2007-12-31 2012-05-15 Synchronoss Technologies, Inc. System and method for providing social context to digital activity
US20120150670A1 (en) * 2009-01-06 2012-06-14 Access Business Group International Llc Wireless power delivery during payment
US20100205149A1 (en) * 2009-02-09 2010-08-12 Kabushiki Kaisha Toshiba Mobile electronic apparatus and data management method in mobile electronic apparatus
US20110010283A1 (en) * 2009-07-09 2011-01-13 Eddie Williams E-card
US8255006B1 (en) 2009-11-10 2012-08-28 Fusionone, Inc. Event dependent notification system and method
US20120284551A1 (en) * 2009-11-25 2012-11-08 Junhua Zhao Deep standby method and device for embedded system
US8943428B2 (en) 2010-11-01 2015-01-27 Synchronoss Technologies, Inc. System for and method of field mapping
US20150081946A1 (en) * 2012-04-02 2015-03-19 Morpho Method of in-memory modification of a data set
US20140226678A1 (en) * 2013-02-14 2014-08-14 Alaxala Networks Corporation Communication apparatus and frame processing method
US20160266974A1 (en) * 2015-03-10 2016-09-15 Kabushiki Kaisha Toshiba Memory controller, data storage device and data write method
US20180011914A1 (en) * 2015-08-28 2018-01-11 Hewlett Packard Enterprise Development Lp Collision handling during an asynchronous replication
US10929431B2 (en) * 2015-08-28 2021-02-23 Hewlett Packard Enterprise Development Lp Collision handling during an asynchronous replication

Also Published As

Publication number Publication date
TW466448B (en) 2001-12-01
WO2001008049A1 (en) 2001-02-01
AU6066500A (en) 2001-02-13
AR024926A1 (en) 2002-10-30

Similar Documents

Publication Publication Date Title
US6317755B1 (en) Method and apparatus for data backup and restoration in a portable data device
AU676731B2 (en) Data writing to non-volatile memory
KR910009297B1 (en) System for a portable data carrier
EP0873554B1 (en) Method of debiting an electronic payment means
US4877945A (en) IC card having a function to exclude erroneous recording
US4558211A (en) Transaction terminal system
US6070795A (en) Method of making recoverable smart card transactions, a method of recovering such a transaction, as well as a smart card allowing recoverable transactions
EP0213534B1 (en) Ic card
JP4806639B2 (en) Secure device and IC card issuing system
US4983816A (en) Portable electronic device
US5161231A (en) Processing system which transmits a predetermined error code upon detection of an incorrect transmission code
JPS63503335A (en) Secure file system for portable data carriers
KR920008755B1 (en) Multipurpose portable data carrier apparatus
US5532463A (en) Process for making secure the writing of sensitive data into the EEPROM data storage memory of a memory card and a memory card for use in the process
JP2005235028A (en) Information processor, information processing method, and computer program
EP0389484A1 (en) Data carrying devices
US5974145A (en) Method for cancelling a transaction of an electronic payment means, as well as payment means for application of the method
JP4334538B2 (en) IC card
JP5633125B2 (en) Information processing method, information processing apparatus, and program
JPH01213774A (en) Portable storage medium processor
JP3195122B2 (en) Check method of instruction format given to IC card
JPH1153487A (en) Method for deciding validity of written data on ic card
KR100580380B1 (en) Method and device for making payment with smart card
ES2212102T3 (en) STORAGE PROCEDURE OF VALUE UNITS IN AN INSURED CHIP CARD AND MONETARY TRANSACTION SYSTEM WITH SUCH TARCETS.
WO1998052152A2 (en) Communication between interface device and ic card

Legal Events

Date Code Title Description
AS Assignment

Owner name: MOTOROLA, INC., ILLINOIS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:RAKERS, PATRICK L.;COLLINS, TIMOTHY JAMES;RUSSELL, DANIEL J.;AND OTHERS;REEL/FRAME:010262/0466;SIGNING DATES FROM 19990916 TO 19990920

STCF Information on status: patent grant

Free format text: PATENTED CASE

FPAY Fee payment

Year of fee payment: 4

FPAY Fee payment

Year of fee payment: 8

AS Assignment

Owner name: MOTOROLA MOBILITY, INC, ILLINOIS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MOTOROLA, INC;REEL/FRAME:025673/0558

Effective date: 20100731

AS Assignment

Owner name: MOTOROLA MOBILITY LLC, ILLINOIS

Free format text: CHANGE OF NAME;ASSIGNOR:MOTOROLA MOBILITY, INC.;REEL/FRAME:029216/0282

Effective date: 20120622

FPAY Fee payment

Year of fee payment: 12

AS Assignment

Owner name: GOOGLE TECHNOLOGY HOLDINGS LLC, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MOTOROLA MOBILITY LLC;REEL/FRAME:034423/0001

Effective date: 20141028